• Introduction

    Apache Axis2™ is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack. There are two implementations of the Apache Axis2 Web services engine – Apache Axis2/Java and Apache Axis2/C.

    Metasploitable3 is a VM built from the ground up with a large number of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit.

    Penetration Testing

    1. Install Nessus (please visit here), then scan the target for vulnerabilities using Nessus.


    2. Use the exploit/multi/http/axis2_deployer module in Metasploit
      This module logs in to an Axis2 Web Admin Module instance using a specific user/pass, then uploads and executes commands by deploying a malicious web service via SOAP.


    3. Enjoy!
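
The defender's view of step 2, added here as an example (not part of the original post or of Metasploit): because the module logs in to the admin console and then uploads a service, the two requests can be correlated per client in the web server access log. The paths assume Axis2's default `/axis2` context path; the function name, time window and sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: Axis2 admin console under the default "/axis2" context path.
LOGIN_PATH = "/axis2/axis2-admin/login"
UPLOAD_PATH = "/axis2/axis2-admin/upload"
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Common/combined access log format: ip - user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Nov/2016:16:32:00 +0000] "GET /axis2/axis2-admin/ HTTP/1.1" 200 2311',
    '198.51.100.7 - - [28/Nov/2016:16:32:01 +0000] "POST /axis2/axis2-admin/login HTTP/1.1" 200 5120',
    '192.0.2.10 - - [28/Nov/2016:16:32:02 +0000] "POST /axis2/axis2-admin/login HTTP/1.1" 200 5120',
    '192.0.2.10 - - [28/Nov/2016:16:32:05 +0000] "POST /axis2/axis2-admin/upload;jsessionid=AB12 HTTP/1.1" 200 4876',
    '198.51.100.7 - - [28/Nov/2016:16:33:00 +0000] "GET /axis2/services/listServices HTTP/1.1" 200 900',
]


def find_admin_deployments(lines, window=WINDOW):
    """Return (ip, login_time, upload_time) for each service upload that
    follows an admin login from the same client within `window`."""
    last_login = {}
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Drop query string and ";jsessionid=..." path parameters before comparing.
        path = m["path"].split("?", 1)[0].split(";", 1)[0]
        if int(m["status"]) >= 400:
            continue
        if path == LOGIN_PATH:
            # The status code alone does not prove the login succeeded;
            # the upload that follows is what gets flagged.
            last_login[m["ip"]] = ts
        elif path == UPLOAD_PATH:
            login_ts = last_login.get(m["ip"])
            if login_ts is not None and ts - login_ts <= window:
                alerts.append((m["ip"], login_ts, ts))
    return alerts


if __name__ == "__main__":
    for ip, login_ts, upload_ts in find_admin_deployments(SAMPLE_LOG):
        print(f"ALERT {ip}: admin login {login_ts} then service upload {upload_ts}")
```

Service uploads through the admin console are rare in normal operation, so a hit from any address other than a known administrator's workstation is worth investigating.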

    DEMO